With over 300 million records leaked and over $1 billion stolen in 2015, chances are your organization has been, or will be, affected by a cyber attack. But with a few data retention policies and enforcement mechanisms, the future landscape of data security could drastically improve. Longtime cyber security expert and Blancco Technology Group’s Chief Strategy Officer, Richard Stiennon, sheds light on how organizations should think about data lifecycle management to limit their exposure to cyber attacks. What You’ll Learn: The current landscape of cyber risks and threats How to prioritize data lifecycle management within your overall security objectives How organizations can establish policies to reduce the impact of cyber hacks by continuously removing data from IT assets, devices, storage environments and virtual machines Why organizations should leverage data erasure as an indispensable tool in fending off cyber attacks

1. DATA ERASURE’S ROLE IN
LIMITING YOUR EXPOSURE
TO CYBER ATTACKS

2. MEET OUR SPEAKER
2
Richard Stiennon
Chief Strategy Officer
Blancco Technology Group
Seasoned cyber security/data privacy expert
Three-time cyber security author
Washington Post bestseller
Featured/quoted in WSJ, NY Times, Forbes,
etc.

3. WHAT WE’LL EXPLORE
The Current State of Cyber
Security
Data Erasure’s Place in the Cyber
Kill Chain
Limit Exposure Through
Information Lifecycle Management
Monstrous Cyber Attacks & Their
Impact on Businesses

4. THE CURRENT STATE OF
CYBER SECURITY

5. Malicious Attacks Occur Each Month
5
10%
4%
9%
Hacking
Loss of IP
DoS
Attacks 15%
10%
10% Physical
Loss
Insider Damage
Phishing
Source: ISACA, “State of Cybersecurity Implications for 2016”

6. Likelihood of Cyber Attacks in 2016
6
Source: ISACA, “State of Cybersecurity Implications for 2016”

7. Which of the following cyber security threats poses the
greatest risk to your organization?
• Malware
• Compromised credentials
• Exploited system vulnerabilities
• Hacked interfaces and APIs
• Improper/incomplete data removal
• Lost/stolen laptops and mobile devices
• Insecure disposal of storage equipment
• Broken authentication
• Broken encryption keys
• Advanced persistent threats (APT)
Live Audience Poll

8. MONSTROUS CYBER
ATTACKS & THEIR
IMPACT ON BUSINESSES

9. Sony Pictures: Hack of the
Century
9
47,000 Social
Security
Numbers
Leaked
100 Terrabytes of
Data Stolen
4 Unreleased Films
Leaked to Piracy Sites
Sensitive &
Inappropriate Emails
Leaked
Special Deleting
Algorithm Rendered
Computers & Servers
‘Brain-Dead’
Studio Executives’
Salaries Revealed

10. Saudi Aramco:
2012 Attack Massively Disrupts Business
10
01 02 03 04
35,000 Computers
Partially Wiped or
Totally Destroyed
Computer Technician
Opened Scam Email
& Clicked on Bad
Link
Flickering
Screens &
Disappearing
Files
Computers Shut
Down
The company temporarily stopped selling oil to domestic gas tank
trucks. After 17 days, the corporation relented and started giving oil
away for free to keep it flowing within Saudi Arabia.

11. Buckshot Yankee:
Worst Breach of U.S. Military Computers
11
Malicious Code Uploaded
onto Central Command
Network
Classified Data
Transferred to
Servers Under
Foreign Control
Every Windows
Machine in U.S.
Military Reimagined,
Costing $1 Billion
Flash Drive Inserted in
Military Computer Used
on Middle East Post

12. 12
Live Audience Poll
Which one of the following consequences are you most
concerned will result from a cyber attack?
• Audit conducted by regulatory body
• Lawsuits filed by customers
• Fines imposed by regulatory authorities
• Customer complaints
• Diminished sales and revenue
• Lost customers/terminated contracts
• Damaged reputation/negative publicity
• Falling stock price
• Investor fallout
• Other

13. DATA ERASURE’S PLACE IN
THE CYBER KILL CHAIN

14. IT Asset Disposal
Wiping Executives’
Devices
Reduction of Total
Targets
Data Hygiene
The Cyber Kill Chain

15. Reduce Attack Surface Area and Threat
Reduction
 Storage may be
inexpensive, but
protecting data is not
 If data isn’t kept
unnecessarily and is
removed permanently,
cyber risks and attacks
can be prevented

16. LIMIT EXPOSURE THROUGH
INFORMATION LIFECYCLE
MANAGEMENT

17. Manage Data Across Entire Lifecycle
17

18. Stage 1: Create
18
Create New Digital Content or Update/Modify Existing Content
Every day, we create
2.5 Quintillion
bytes of data
90% of all data
in the world today was
produced in the
last 2 years
How can you protect data during this stage?
Manage and monitor access control
Implement threat detection & scanning software
Classify & tag data so it can be found quickly and efficiently

19. Stage 2: Store
19
Commit Digital Data to Storage Repository
How can you protect data during this stage?
Manage and monitor access control
Encrypt sensitive data
Back up data for recovery or restoring lost/corrupted files

20. Stage 3: Use
20
View, Process & Use Data for Some Sort of Activity
How can you protect data during this stage?
Manage and monitor access control
Encrypt sensitive data
Create data loss prevention processes/tools to detect potential data breaches
Impose technological restrictions that control what users can do with digital information and
media
Companies who use
big data to drive business
decisions experience
20x
more profit growth

21. Stage 4: Share
21
Make Information Accessible to Other Parties, Internally or
Externally
How can you protect data during this stage?
Manage and monitor access control
Encrypt sensitive data
Create data loss prevention processes/tools to detect potential data breaches
Impose technological restrictions that control what users can do with digital
information and media

22. Stage 5: Archive
22
Move Inactive Data to Long-Term Storage
How can you protect data during this stage?
Manage and monitor access control
Encrypt sensitive data

23. Stage 6: Destroy
23
Erase Data According to Content Type, Usage, Retention Requirements and
Application
How can you protect data during this stage?
Manage and monitor access control
Erase data securely and verifiably

24. 24
Live Audience Poll
Where does data removal fit into your organization’s
cyber security priorities?
• Top priority
• Somewhat of a priority
• Minimal priority
• Not a priority at all

25. Auditors
Cost of Data Protection
Laws
Regulations
Risk of Data Loss
Profit
The Hierarchy of Data Erasure’s Need & Value

26. CONTENT YOU MAY FIND USEFUL:
“The Information End Game: What You Need to Know to Protect Corporate Data
Throughout its Lifecycle”: http://www2.blancco.com/en/white-paper/the-information-end-
game-what-you-need-to-know-to-protect-corporate-data
“Data Storage Dilemmas & Solutions”:
http://www.slideshare.net/BlanccoTechnologyGroup/data-storage-dilemmas-solutions
Try Blancco 5 For Free & Erase Data Permanently:
http://www2.blancco.com/blancco-5